|
851
|
- |
|
-
|
-
|
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review …
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-2725
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
852
|
7.5 |
HIGH
Network
|
-
|
-
|
A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful …
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-23827
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
853
|
7.5 |
HIGH
Network
|
-
|
-
|
A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to …
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-23826
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
854
|
7.5 |
HIGH
Network
|
-
|
-
|
Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network mess…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-23825
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
855
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page.
New
|
CWE-94
Code Injection
|
CVE-2025-65719
|
2026-05-14 01:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
856
|
- |
|
-
|
-
|
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvide…
New
|
CWE-285
CWE-668
Improper Authorization
Exposure of Resource to Wrong Sphere
|
CVE-2026-42875
|
2026-05-14 01:11 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
857
|
4.9 |
MEDIUM
Network
|
-
|
-
|
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSec…
New
|
CWE-285
Improper Authorization
|
CVE-2026-42876
|
2026-05-14 01:11 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
858
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulat…
New
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8290
|
2026-05-14 01:11 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
859
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of service. The attack…
New
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8267
|
2026-05-14 01:10 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
860
|
- |
|
-
|
-
|
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted app…
New
|
CWE-601
Open Redirect
|
CVE-2026-41513
|
2026-05-14 01:10 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
